It appears that Final Fantasy 14 is encountering a significant issue with its coding. As early as January, it was found out that Square Enix’s attempts to enhance their blacklist system ended up making it even worse, in a completely new manner.
As a devoted gamer, let me explain how things have evolved in our virtual world recently. Instead of individual player identities being transmitted, the latest system now broadcasts account IDs to other users. TheseIDs, effortlessly extracted by common software, have unfortunately provided an opening for troublemakers and stalkers. With these IDs, they can compile a comprehensive list of their targets’ alternate characters, facilitating easier harassment. Although tools like PlayerScope have been collecting and displaying this information, they merely represent the exposed tip of an iceberg that’s been gradually growing since the expansion was launched.
As a dedicated fan, I was hopeful when Square Enix announced they were addressing the issue before Patch 7.2, hinting at an end to our shared ordeal. However, within mere hours of that announcement, coder NotNite found a chink in the armor: the obfuscation is susceptible, and account IDs can be unscrambled!
It’s worth noting that NotNite isn’t your average user; in 2023, she critiqued GShade, a widely used add-on. GShade was a popular tool for applying custom shaders and filters to games, often used for screenshots or aesthetic purposes. However, it wasn’t open source. In response, NotNite created an alternative to GShade, leading to a series of events that ultimately saw the original creator put malware in the software, effectively banishing them from the modding community.
In her latest blog post regarding PlayerScope, she seems a tad embarrassed due to the commotion it sparked within the gaming community, so much so that it even caught attention from PC Gamer. Whoops!
In essence, I’m open to accepting her claim that account IDs can be restored to their original, unscrambled state and used normally. This won’t affect tools like PlayerScope much, but they might need to put in a bit more effort to figure out the decryption algorithm on their own.
It’s worth mentioning that NotNite hasn’t disclosed her method for solving the algorithm, as this information could hand over the blueprint to undesirable individuals—but given her success, it’s likely that others will eventually figure it out, and it seems just a matter of time.
This predicament poses a significant safety issue and a major public relations problem for Square Enix, leaving both me and NotNite puzzled. Intrigued by this, I contacted NotNite regarding it, and she shares my bewilderment.
‘SE probably wants to hire someone’
In his email, NotNite suggests that Square Enix (SE), particularly their Final Fantasy XIV team, may not have many staff specialized in security. Instead, he believes they are primarily game developers with limited expertise in cybersecurity, which might be due to SE’s preference for hiring individuals with extensive experience in this area. This isn’t a criticism of the employees, but rather a reflection of Square Enix’s priorities.
Final Fantasy 14, being over a decade old and quickly developed following the setbacks of version 1.0, had me questioning if Square Enix might be grappling with their own infrastructure issues. However, after observing it, NotNite isn’t entirely convinced of that assumption.
Certain aspects of the block/mute mechanism are managed on the user’s end, and that’s why these details are initially sent to the client. Migrating this functionality to the server would necessitate a redesign of the entire system, which might be avoided due to the substantial effort involved compared to concealing account IDs.
Regarding the strategy they’re considering, she isn’t entirely convinced it’s the best approach. In other words, scrambling the account IDs in an irreversible manner might not produce the desired results. Here’s why: The structure of these harmful add-ons, such as PlayerScope, functions by sending every account ID to a centralized database. When fresh uploads arrive, they are compared with existing account IDs, and a match is made if there’s a similarity.
Instead of being able to compare your account ID with others who have previously recorded theirs, you can only compare it with your own. However, you would need to record all the data locally first, then upload just the match information to the main database.
In essence, her point is that the ideal approach is to cease transmitting such data to the client, since the most robust security strategy involves minimizing the transfer of sensitive information. However, it appears Square Enix hasn’t adopted this lesson as of now.
A more secure approach would be to cease transmitting such data to the user, since the most robust protection strategy often involves minimizing the amount of confidential details exchanged.
She has several ideas on how this catastrophe may have transpired: “I suppose they were in a hurry to finish everything before 7.2, quickly applied whatever solution came to mind for the account IDs, and didn’t reconsider or contemplate about potential ways a malicious user could misuse it.
She further notes, “They likely didn’t know that it could be reversed,” and “they’d rather not overhaul the system completely due to the extensive development hours involved, as they prefer to use those resources for creating the game instead.” However, NotNite emphasizes, “It’s essential to invest time in fixing it correctly. Designing systems securely may be time-consuming, but it’s a crucial and valuable process for games and applications online.
In the world of Final Fantasy 14, mod usage falls into a somewhat ambiguous position. While using mods violates the terms of service, Square Enix doesn’t actively ban users unless they’ve been reported for mod use or are clearly and openly cheating. The official stance is “don’t use them,” but in reality, it seems more like “don’t use them, but don’t get caught.
As a gamer, I gotta say, it’s Square Enix who’s primarily responsible for designing the system in this manner, not some specific modding community like the Dalamud plugin framework. Now, let me clarify what I mean by that. The Dalamud launcher is a popular tool that assists us players in gathering, downloading, and running plugins. But here’s the kicker – even though it serves as a central hub, it lacks the ability to halt mods such as PlayerScope altogether.
As a devoted fan, I’ve been fielding queries like, “Why can’t Dalamud simply ban PlayerScope?”. To clarify, the ongoing in-game bug allows potential vulnerabilities for various third-party tools, including those that monitor network activity. While it’s important to note that these tools typically have no intention of doing so, they technically could access account IDs if configured to do so.
Essentially, it’s clear that things are terribly disorganized in this game. The responsibility lies squarely with Square Enix to create a game free of major, apparent security flaws such as these. I regret having to criticize one of my favorite MMOs, given how much I’ve been enjoying Patch 7.2 overall. However, the current state is disappointing, particularly when considering Square Enix’s history of inadequate protection against stalking survivors within their games.
After more than a decade, Final Fantasy 14 finally introduced a blacklist designed to safeguard players, yet this change unexpectedly exposed them to new vulnerabilities. Their subsequent efforts to rectify the issue seem incomplete at best. This is utterly unacceptable. I hope they swiftly address these concerns and improve the situation.
1. As an enthusiast, I’d say the best MMOs offer me a world that’s vast and immersive, where camaraderie and adventure are in abundance.
2. When it comes to strategy games, I find myself engrossed in the intricate mechanics, where every number seems to matter significantly.
3. Open-world games are my playground, offering endless exploration opportunities that keep me hooked and discovering new things.
4. Survival games provide me with the unique experience of living, crafting, and loving in a challenging environment. It’s not just a game; it’s a lifestyle!
5. In the realm of horror games, I am constantly on the edge of my seat, torn between fighting for survival or fleeing in terror.
Read More
- AUCTION PREDICTION. AUCTION cryptocurrency
- Pokémon Destined Rivals: Release date, pre-order and what to expect
- JK Simmons Opens Up About Recording Omni-Man for Mortal Kombat 1
- Pregnant Woman’s Dish Soap Craving Blows Up on TikTok!
- Stephen A. Smith Responds to Backlash Over Serena Williams Comments
- POL PREDICTION. POL cryptocurrency
- Daredevil: Born Again Spoiler – Is Foggy Nelson Alive? Fan Theory Explodes!
- BERA PREDICTION. BERA cryptocurrency
- Is Disney Faking Snow White Success with Orchestrated Reviews?
- AEW Fans Are Loving Toni Storm’s Uncanny Mariah May Cosplay From Dynamite
2025-03-27 20:34